Microsoft will roll out 'key' GDPR rights globally... not just in Europe

The clock is ticking for the arrival of GDPR (or General Data Protection Regulation) in Europe. As of May 25 -- this Friday -- new regulations will give people greater access to the data companies store about them and the right to have it deleted.

Microsoft is among the global technology firms that will have to comply with the laws in Europe and -- pointing out how it appreciates "the strong leadership by the European Union on these important issues" -- the company says that it will also roll out some of the benefits of the privacy legislation on a global basis. It will be known as Data Subject Rights.

Microsoft's corporate vice president and deputy general counsel, Julie Brill, says that the company believes that privacy is a fundamental human right, and also the foundation of trust. It is with this in mind, and having worked with over 1,600 engineers over the last couple of years to ensure GDPR compliance, that Microsoft "will extend the rights that are at the heart of GDPR to all of our consumer customers worldwide".

Known as Data Subject Rights, they include the right to know what data we collect about you, to correct that data, to delete it and even to take it somewhere else. Our privacy dashboard gives users the tools they need to take control of their data.

She goes on to say that Microsoft has a new privacy statement that applies to customers around the world:

This week, we have also published an updated privacy statement governing our consumer products and services. The new privacy statement reflects our decision to extend key rights under GDPR to consumers around the world. It also incorporates more specific information and changes related to GDPR. But perhaps most importantly, it is designed to be clearer and more transparent. You can read the new privacy statement here.

A breakdown of the changes that have been introduced to the Privacy Statement this month reveals what's new for customers globally:

We made edits throughout the privacy statement intended to improve transparency and readability. For example, we:

added new categories of personal data we collect, such as voice data, content consumption data, and browse history;

added new uses of personal data;

simplified text and eliminated duplicative text and qualifiers such as "we may";

updated specific descriptions of how Microsoft uses personal data. For example, we added text to describe how we use personal data for promotional communications and legal compliance, and we provided information about where Microsoft uses automated systems to process personal data. Additionally, we moved some details about our advertising practices to a separate section under Other Important Information.

In the How to Access & Control Your Personal Data section, we described how customers can access their personal data and made the text applicable to all customers, regardless of their location.

In the Cookies and Similar Technologies section, we updated the description of the cookies Microsoft uses.

In the Notice to End Users section, we clarified cases when organizations, like an employer or school, have access to an individual’s personal data.

In the Microsoft Account section, we clarified the differences between the three types of Microsoft accounts.

In the Other Important Privacy Information section, we:

moved the contents of the European Privacy Rights subsection to the How to Access & Control Your Personal Data and How to Contact Us sections.

added a section called Advertising, using text from the original How We Use Personal Data section, to describe Microsoft’s advertising practices and commitments;

clarified how and when Microsoft makes changes to the privacy statement;

identified which Microsoft entities are data controllers under the GDPR, how to contact us, and how to lodge a complaint.

In the Enterprise and Developer Products section, we:

described how basic, aggregated account information related to Enterprise Online Services may be shared with authorized partners in certain circumstances.

identified that Microsoft is a data processor under the GDPR when providing the Enterprise Online Services.

In the Office and Skype sections we described new features and updated how existing features and functionality process personal data. For example, we explain how Cortana words in Skype.

In Search and Artificial Intelligence, we described our most current features and functionality. For example, in the Cortana subsection, we described the personal data Microsoft collects from users who are signed in and signed out of the service.

In the Windows section, we removed text about a service, Wi-Fi Connecting to suggest open hotspots, that is no longer available. Under Web Browsers, we described the type of browser data that syncs across devices.

In the Entertainment and Related Services section, we updated how existing features and functionality process personal data and provided new information on Xbox, Xbox Live, and Mixer.

We added a hyper link to access the privacy policy of our subsidiary LinkedIn.